Cannot use Okta through Postman or SDK

Hi,

I created an Okta account, generated an API Token on the dev site and tried to add a user or get a list of users.

With the .NET Okta.Sdk I get the error ‘Invalid Token Provided’ every time, but with Postman I got a little further obtaining a long HTML response (558 KB) that basically says “Page not found”.

Here’s a simple command tat I use for getting a list of users (I replaced the api token):

curl -v -X GET
-H “Accept: application/json”
-H “Content-Type: application/json”
-H “Authorization: SSWS …”
“https://okta.com/api/v1/users”

Please help me add users to Okta because we have existing customers who want to migrate to this solution and I already changed our software to use the Okta Authentication.

Thank you,
Paul

Hey Paul,

Make sure to correct your API matches this format: http://{{your-okta-tenant}}.okta.com/api/v1/users

Hi brh55,

If I do that, then I get the error:

{
“errorCode”: “E0000011”,
“errorSummary”: “Invalid token provided”,
“errorLink”: “E0000011”,
“errorId”: “oaeEz6AJ1L7QB2S7Bv3JSqr8A”,
“errorCauses”:
}

I’ve read somewhere that I should ignore “{{your-okta-tenant}}”, so I did. At least this way I’m not getting a direct error, but the response is still incorrect.

Regards,
Paul

So that is the error you want as it means you are hitting the endpoint, just not providing a valid token.

Couple things:

• Make sure you generate the token from the same okta tenant you are hitting the endpoint
• The user who generated your token has sufficient permissions as tokens will inherit permissions from the creator
• You are passing the token in Authorization header as SSWS API_TOKEN_HERE (looks right from your sample curl)
• The token is not expired as tokens need to be used at least once every 30 days, otherwise they will expire

I’m generating the API token on https://dev-48184511-admin.okta.com/admin/access/api/tokens
my user is Super Admin, the last token that I used was generated 2 days ago (although it seems strange that it has the same datetime in the Created and Expires fields).

I’m wondering what you mean by " * Make sure you generate the token from the same okta tenant you are hitting the endpoint". I have a single Okta trial account.

I noticed that if I specify in Postman in the Authorization tab Type=OAuth 2.0 and I paste the API token in the Access Token field, then I always get the result ‘1’ for any command. But the commands don’t seem to have any effect because I tried to create some users and then get a list of users - which also returns ‘1’.

Thank you,
Paul

Can you try this curl command and report back what you get as a response, being sure you place yourApiToken with the token you generated for your super admin:

curl --location --request GET ' https://dev-48184511.okta.com/api/v1/users?limit=25' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--header 'Authorization: SSWS yourApiToken' \

if you prefer Postman, I highly recommend getting our Postman Collection for the Users endpoint so you can be certain your API request is well-formed.

Hi Andrea,

If I run your query I get this response:

{
“errorCode”: “E0000011”,
“errorSummary”: “Invalid token provided”,
“errorLink”: “E0000011”,
“errorId”: “oae-LBvjqsPSFmSdlXnlhJLkw”,
“errorCauses”:
}

Same if I run various queries from your Postman Collection and I just replace the URL and API token.

So maybe I don’t generate the API tokens correctly… I do it on the okta.com website, I press Create Token, then I save the generated string and use it in my requests.

Thank you,
Paul

I notice you mentioned setting the Authorization type to Type=OAuth 2.0 within your Postman call. Please update this to Inherit auth from parent

And the headers are set like such:

image696×236 15.2 KB

That’s the default, so that’s what I usually used. Auth 2.0 was something that I tried maybe once.

I created a new Okta account and used an URL in the form ‘https://dev-xxxxxxxx.okta.com’ instead of using the company name in the URL, this way it worked.

Thanks for all your help!
Paul

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.